The federal government warned the public about the risks of commercial tools that can be used to spy on journalists and political dissidents.
The National Counterintelligence and Security Center issued a warning after the Biden administration took action against the NSO Group and other firms that have developed software. The software on the phone gives access to almost all the content on the device.
The administration is trying to make it harder for companies to operate because they are trying to push them out of the business of developing commercial spyware that can be used. The United States is worried that authoritarian governments are using spy ware to track journalists and political enemies, and that it can be placed on the phones of diplomats to learn government secrets.
The most harmful software can be put on a phone without the user being tricked into clicking a link. Updating devices with the latest operating systems is one of the steps the security center outlined on Friday.
Last year, Apple discovered a program that gave broad access to devices used by US diplomats in Uganda. The discovery was made public after the Biden administration took actions against companies that develop such software.
NSO has always insisted that it chooses and vets its clients. Technology firms and organizations that defend dissidents have questioned its track record.
The US found that NSO's software and operations run contrary to American foreign policy interests. The firm was placed on the Commerce Department's "entities list", which prevents it from receiving key U.S. technologies.
Candiru, an Israeli firm, was also taken action by the Biden administration. They were accused of providing the tools to clients, not hacking into the phones of journalists.
The warning by the National Counterintelligence and Security Center, which is part of the Office of the Director of National Intelligence, aims to raise awareness of the risks posed by the internet.
We are concerned that certain governments are using commercial software in ways that pose a serious counterintelligence and security risk to U.S. personnel and systems, and also to target journalists, human rights activists or others perceived as critics.
There is little that can be done to stop the most advanced spyware from being placed on a phone. Less sophisticated software still relies on malicious links, meaning that avoiding suspicious emails, attachments and messages can prevent some attacks.
Some of the center's recommendations, like disabling options that allow a phone to track its location or covering cameras, will be more difficult to follow because they interfere with the functions that make smartphones useful.
Other best practices are easy to follow. Some types of malicious software that live in the memory of mobile devices should be removed or damaged regularly.
The center recommended using virtual private networks and maintaining physical control of devices.
The center said that the steps don't eliminate risks. As long as the device is not compromised, be careful with sensitive content.
The director of security intelligence research at Lookout said that many people are unaware of the vulnerabilities in modern phones.
He said that people don't realize that their phones are computers that are always connected to the internet and can be attacked.
Lookout studied the NSO developed Pegasus spyware to learn how it uses exploits to take over all the functions of a phone.
People often use apps that send data over the internet, but that information has to be kept on the phone, and that can be a problem.
Mr. Hebeisen said that his device had the key. It is possible to get at the data at that point.